Agreed. Even the so-called "Web Intelligence" generates false positives like 
crazy. Have someone type PS in a form, as in "ps don't forget about the meeting 
tomorrow" and the POS blocks it as command injection (the Linux "ps" command). 
It seems to have only rudimentary, if any, sense of the context of how 
something is used.

If you're just looking for something to block basic attacks and don't need 
tight controls, look at dotDefender from www.applicure.com . It works as an 
ISAPI plug-in on Windows or as a shared object on Apache.

If you need tight controls, for example the need to whitelist what can get 
entered into fields, look at SecureSphere from www.imperva.com . It's an 
appliance that runs in bridge mode between the Internet and the web servers. If 
the web server is linked to a database on a different network, as it should be, 
putting the Imperva SecureSphere appliance in allows it to see web traffic to 
and from the web server AND allows it to see database traffic between the web 
server and the back-end database. If you buy the appropriate licenses, it can 
then act as a database activity monitor and as a database firewall. 

Ray

> Date: Sun, 24 Oct 2010 12:49:22 +0300
> From: eu...@imacandi.net
> Subject: Re: [FW-1] SQL injection protection
> To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
> 
> On Sun, Oct 24, 2010 at 09:23, a bv <vbavbal...@gmail.com> wrote:
> > Hi,
> >
> > What are the best practices for monitoring/preventing SQL injection
> > attacks with R70's IPS/R65's Smartdefense and tuning false positives?
>
> You don't. You use something dedicated for that.
> 
> Scanned by Check Point Total Security Gateway.
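
The false positive described in the reply above, next to the per-field whitelisting it mentions, as an added example that is not part of the original thread. The keyword signature, field names, patterns and sample submissions are all constructed for illustration; they are not rules from Check Point, dotDefender or SecureSphere.

```python
import re

# Constructed context-free signature: flags any form value that contains a
# shell command name as a standalone word, wherever it appears.
COMMAND_WORDS = re.compile(r"\b(ps|ls|cat|wget|curl)\b", re.IGNORECASE)

# Constructed per-field allowlists (hypothetical form fields): each field
# declares the characters and length it accepts.
FIELD_RULES = {
    "note": re.compile(r"[A-Za-z0-9 .,!?'\-]{1,200}"),
    "order_id": re.compile(r"[0-9]{1,10}"),
}

def keyword_filter(value):
    """Context-free check: True means the submission would be blocked."""
    return COMMAND_WORDS.search(value) is not None

def allowlist_filter(field, value):
    """Positive model: True means blocked. Unknown fields are blocked."""
    rule = FIELD_RULES.get(field)
    return rule is None or rule.fullmatch(value) is None

# Constructed sample submissions: (field, value, is_actually_malicious)
SAMPLES = [
    ("note", "ps don't forget about the meeting tomorrow", False),
    ("note", "see you at 10, thanks!", False),
    ("order_id", "1042", False),
    ("order_id", "1042; ps aux", True),
    ("order_id", "1042 OR 1=1", True),
]

def evaluate():
    """Return {filter_name: (false_positives, false_negatives)}."""
    results = {"keyword": [0, 0], "allowlist": [0, 0]}
    for field, value, malicious in SAMPLES:
        verdicts = {"keyword": keyword_filter(value),
                    "allowlist": allowlist_filter(field, value)}
        for name, blocked in verdicts.items():
            if blocked and not malicious:
                results[name][0] += 1   # legitimate input was blocked
            elif malicious and not blocked:
                results[name][1] += 1   # malicious input got through
    return {name: tuple(counts) for name, counts in results.items()}

if __name__ == "__main__":
    for name, (fp, fn) in evaluate().items():
        print(f"{name}: false positives={fp}, false negatives={fn}")
```

The keyword rule blocks the harmless "ps" note and still misses the injected `order_id` that contains no command word, while the per-field patterns decide on what each field is allowed to hold.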
